Hello Manjunath-

Looks like you are creating multiple JMX connectors (one is JVM default, the 
other is ActiveMQ creating one per your non-default configuration). ActiveMQ 
does not need a dedicated connector, so you can modify the <managementContext 
createConnector="false" /> and just use the -D parameters.

ref: https://activemq.apache.org/jmx

Thanks,
Matt Pavlovich

> On Nov 7, 2022, at 12:21 PM, Manjunath Kashyap <mail2manjukash...@gmail.com> 
> wrote:
> 
> Hi All,
> 
> ISSUE:
> 
> We have installed AMQ in a MASTER/SLAVE pair for both Consumers and Producers.
> We also have installed the Web console to list all the queues using the MBEAN 
> connector.
> As part of this implementation, we have provided the JMX plain username and 
> password in the Catalina.sh script.
> 
> We have been told this is a Security threat and are requested to remove the 
> Plain password from the process. The config and output is as shown below.
> 
> activemq.xml:
> 
> <managementContext>
>   <managementContext createConnector="true" connectorPort="5014">
>     <property xmlns="http://www.springframework.org/schema/beans" name="environment">
>       <map xmlns="http://www.springframework.org/schema/beans">
>         <entry xmlns="http://www.springframework.org/schema/beans"
>                key="jmx.remote.x.password.file"
>                value="${activemq.base}/conf/jmx.password"/>
>         <entry xmlns="http://www.springframework.org/schema/beans"
>                key="jmx.remote.x.access.file"
>                value="${activemq.base}/conf/jmx.access"/>
>       </map>
>     </property>
>   </managementContext>
> </managementContext>
> 
> 
> Catalina.sh :
> 
> JAVA_OPTS="$JAVA_OPTS -Dwebconsole.type=properties 
> -Dwebconsole.jms.url=failover:\(tcp://MASTER:52671,tcp://SLAVE:52671\) 
> -Dwebconsole.jmx.url=service:jmx:rmi:///jndi/rmi://MASTER:5014/jmxrmi,service:jmx:rmi:///jndi/rmi://SLAVE:5014/jmxrmi
>  -Dwebconsole.jmx.user=admin -Dwebconsole.jmx.password=*******"
> 
> 
> The process displays the password in plain text. So to overcome this issue we 
> tried the below configuration in Catalina.sh but no luck,
> 
> JAVA_OPTS="$JAVA_OPTS -Dwebconsole.type=properties 
> -Dwebconsole.jms.url=failover:\(tcp://MASTER:52671,tcp://SLAVE:52671\) 
> -Dwebconsole.jmx.url=service:jmx:rmi:///jndi/rmi://MASTER:5014/jmxrmi,service:jmx:rmi:///jndi/rmi://SLAVE:5014/jmxrmi
>  -Dcom.sun.management.jmxremote.ssl=false 
> -Dcom.sun.management.jmxremote.password.file=/opt/sncr/product/ActiveMQ/DEV/AMQ_ETL_MASTER/apache-activemq-5.16.4/conf/jmx.password
>  
> -Dcom.sun.management.jmxremote.access.file=/opt/sncr/product/ActiveMQ/DEV/AMQ_ETL_MASTER/apache-activemq-5.16.4/conf/jmx.access
>  -Dcom.sun.management.jmxremote.rmi.port=5014 
> -Dcom.sun.management.jmxremote.authenticate=true"
> 
> 
> Question: Is there a way to hide the password in the tomcat configuration to 
> authenticate to the brokers?
> 
> 
> Thanks,
> Kashyap.
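
The exposure described in this thread (a credential passed as a -D value and therefore visible in the process listing) can be audited with a short script. This is an added example, not code from the thread or from ActiveMQ; the function names are hypothetical and the sample option strings are constructed from the options quoted above, with a placeholder instead of a real password.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# find_exposed_props CMDLINE
# Prints the key of each -D property that carries a credential value inline.
# Values are never printed, so the output is safe to log.
find_exposed_props() {
    printf '%s\n' "$1" | tr -s '[:space:]' '\n' | while IFS= read -r tok; do
        case "$tok" in
            -D*=*) ;;
            *) continue ;;
        esac
        key=${tok#-D}; key=${key%%=*}
        val=${tok#*=}
        [ -n "$val" ] || continue
        lkey=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
        case "$lkey" in
            *file) ;;   # a path such as jmxremote.password.file, not a secret
            *password*|*passwd*|*secret*) printf '%s\n' "$key" ;;
        esac
    done
}

# audit_processes: apply the check to every process this user can list.
audit_processes() {
    ps -e -o pid= -o args= | while read -r pid args; do
        for key in $(find_exposed_props "$args"); do
            printf 'pid %s: %s is set on the command line\n' "$pid" "$key"
        done
    done
}

# password_file_is_private FILE
# True only when group and other have no permission bits on FILE.
password_file_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed samples built from the options quoted in the thread.
INLINE_OPTS='-Dwebconsole.type=properties -Dwebconsole.jmx.user=admin -Dwebconsole.jmx.password=PLACEHOLDER'
FILE_OPTS='-Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=/path/to/conf/jmx.password'

find_exposed_props "$INLINE_OPTS"   # prints: webconsole.jmx.password
find_exposed_props "$FILE_OPTS"     # prints nothing
```

Run `audit_processes` on the Tomcat and broker hosts to list live processes that still carry an inline credential, and `password_file_is_private` against the jmx.password file referenced by the file-based options.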
